CWE-89

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.

SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.

** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.

SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.